PHP code DE-Obfuscation

3 replies [Last post]
TheMessenger
TheMessenger's picture
Offline
Neophyte
Joined: 2009/11/28

So one of my clients that I don't personally host were subject to a wordpress vulnerability a couple of weeks ago.

I was able to subvert the attack which cleverly changed the behavior of WordPress only if a search engine robot accessed the domain. Robots would be redirected to a page trying to sell Cialis. Anyways I have been curious as to the nature of the code so I have started to de-obfuscate the data portion of the injected code.
Of course so everyone can have some fun I figured I would share it with you guys in case anyone wanted to play around with it.

pastie:
http://www.pastie.org/private/cpuznmjnf72wyzc6z4r0va

Have Fun

Man is not the lord of beings. Man is the shepherd of Being. - Martin Heidegger